IPV4

Used to send data over the Internet and makes interaction between different services possible.

Over the years, as response to these deficiencies and in consideration of a global network in rapid growth, new technologies, like SSL/TLS and IPSec, have been introduced to remedy these issues.

Example Address: 69.89.31.226

Limitations – IPV4

1. Maximum addressing space – uses 32-bit address space.

Scarcity of IPv4 addresses, many organizations implemented NAT to map multiple private addresses to a single public IP address.

NAT does not support network layer security standards and it do not support the mapping of all upper layer protocols.

More servers, workstations and devices which are connected to the internet also demand the need for more addresses and the current statistics prove that public IPv4 address space will be depleted soon.

2. Security Related Issues:

IPv4 was published in 1981 and the current network security threats were not anticipated that time

Internet Protocol Security (IPSec) is a protocol suit which enables network security by protecting the data being sent from being viewed or modified. IPSec provides security for IPv4 packets, but IPSec is not built-in and is optional.

3. Quality of Service QoS:

IPv4 and it relies on the 8 bits of the IPv4 Type of Service (TOS) field and the identification of the payload.

IPv4 Type of Service (TOS) field has limited functionality and payload identification (uses a TCP or UDP port) is not possible when the IPv4 packet payload is encrypted.

Next Generation – IPV6

IPv6 addresses are based on 128 bits.

Sites should run a dual-stack IPv6 configuration.

Otherwise you could miss traffic from users who are only able to access the Internet over IPv6 (which is not backwards compatible with IPv4).

Small amount running IPV6 but will increase.

Only takes one missed customer to make you regret not taking the steps to incorporate IPv6 into your infrastructure.

Example Address: 2002:4559:1FE2::4559:1FE2

Benefits

IPv6 reduces the size of routing tables and makes routing more efficient and hierarchical.

Allows ISPs to aggregate the prefixes of their customers’ networks into a single prefix and announce this one prefix to the IPv6 Internet.

Router will send prefix of the local link in its router advertisements.

Host can generate its own IP by appending its link-layer (MAC) address, converted into Extended Universal Identifier (EUI) 64-bit format, to the 64 bits of the local link prefix.

Eliminating NAT, true end-to-end connectivity at the IP layer is restored, enabling new and valuable services.

Peer-to-peer networks are easier to create and maintain, and services such as VoIP and Quality of Service (QoS) become more robust.

IPSEC- provides confidentiality, authentication and data integrity, is part IPv6.

Because of their potential to carry malware, IPv4 ICMP packets are often blocked by corporate firewalls, but ICMPv6, the implementation of the Internet Control Message Protocol for IPv6, may be permitted because IPSec can be applied to the ICMPv6 packets.

The Secure Neighbour Discovery (SEND) protocol is capable of enabling cryptographic confirmation that a host is who it claims to be at connection time.

Renders Address Resolution Protocol (ARP) poisoning and other naming-based attacks much more difficult.